DomainKeys

DomainKeys is an email authentication mechanism developed by Yahoo! in the mid-2000s to help verify that a message claiming to be from a given domain was indeed authorized by that domain and has not been altered in transit. It relies on public-key cryptography: the sending mail server signs the message with a private key, and the recipient can verify the signature using a public key published in DNS under the sender’s domain.

The signing process typically covers selected headers and parts of the body, and the signature is carried in a DomainKey-Signature header. To verify, the receiving server retrieves the public key from DNS, uses it to check the signature, and thereby gains confidence in the message’s origin and integrity. The system also helps prevent certain kinds of spoofing and tampering.

DomainKeys was a predecessor to DomainKeys Identified Mail (DKIM). The IETF later standardized the approach in DKIM, which preserves the core idea but adds a more flexible selector mechanism and a standardized header name (DKIM-Signature). Over time, the DKIM standard (RFC 6376) became the widely adopted specification, and DomainKeys was largely superseded.

In practice, DomainKeys is now considered deprecated or obsolete in favor of DKIM. Modern email authentication relies on DKIM, often in combination with SPF and DMARC to improve deliverability and provide policy and reporting for domain ownership. Some legacy systems may still recognize DomainKeys, but it is rarely used in current deployments.
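
To make the header and DNS lookup described above concrete, here is an added example (not part of the original page) that inventories the signature headers on a message and flags mail signed only with the legacy DomainKey-Signature header. It performs no DNS query and no cryptographic check. The function names and sample message are constructed for illustration; the `a`, `s`, `d` tags and the `<selector>._domainkey.<domain>` record name are taken from the DomainKeys and DKIM specifications rather than from this page.

```python
from email import message_from_string

# Constructed sample message; the b= signature value is a placeholder.
SAMPLE = """\
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
 s=mail2005; d=example.com;
 h=From:To:Subject; b=PLACEHOLDERSIG==
From: alice@example.com
To: bob@example.net
Subject: hello

body
"""

def parse_tags(value):
    """Parse a 'tag=value; tag=value' list, ignoring folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip().lower()] = "".join(val.split())
    return tags

def signature_report(raw):
    """List each signature header with the DNS name holding its public key."""
    msg = message_from_string(raw)
    report = []
    for header in ("DomainKey-Signature", "DKIM-Signature"):
        for value in msg.get_all(header, []):
            tags = parse_tags(value)
            domain, selector = tags.get("d"), tags.get("s")
            key_record = (f"{selector}._domainkey.{domain}"
                          if domain and selector else None)
            report.append({
                "header": header,
                "algorithm": tags.get("a"),
                "domain": domain,
                "key_record": key_record,
                "legacy": header == "DomainKey-Signature",
            })
    return report

def legacy_only(raw):
    """True when a message is signed, but only with the obsolete DomainKeys header."""
    report = signature_report(raw)
    return bool(report) and all(entry["legacy"] for entry in report)

if __name__ == "__main__":
    for entry in signature_report(SAMPLE):
        print(entry)
    print("legacy only:", legacy_only(SAMPLE))
```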